Adrian Johnson
TLDR:
- The Stanford University data breach involved a ransomware attack by the Akira ransomware gang.
- Over 27,000 individuals were affected, with compromised information including sensitive data like Social Security numbers, credit card information, and biometric data.
The Stanford University data breach occurred between May 12, 2023, and September 27, 2023, involving a ransomware attack by the Akira ransomware gang. The compromised information varied but could include dates of birth, Social Security numbers, government IDs, passport numbers, driver’s licenses, and potentially biometric data, health/medical information, email addresses with passwords, usernames with passwords, security questions and answers, digital signatures, and credit card information with security codes. The breach has put over 27,000 individuals at risk, including 3 Maine residents, with the delay in detection potentially giving bad actors ample time to misuse the exposed information for identity theft and financial fraud. Stanford University began notifying affected individuals through breach notification letters in March 2024, offering 24 months of complimentary credit monitoring and identity protection services to mitigate the breach’s impact. The university has been transparent about the breach, isolating the compromised system to the Department of Public Safety and collaborating with law enforcement for ongoing investigations to prevent future cyber incidents.
